07/30/11
CONTENTS
1. Introduction
2. Proposed System
3. Replication detection models
4. Tests and Results
5. Discussions
6. Conclusion
7. Reference
INTRODUCTION
VIRUS
What is a virus
How it is hazardous
EXISTING SYSTEM
Signature Based Method Limitations
PROPOSED SYSTEM
CHARACTERIZING REPLICATION
What is replication
How characterization is done
Fig. Complete Replication Sequence (figure labels: opened, read, written, searched, finddir, getfileattrib, closed, closefile)
Implemented in 4 Steps
1. Build a Training Set
   - in sample size for each
3. Extract Operation Sequence
   - create all subsequences
   - attempt to match in other training set
   - if a match is made, then record
4. Match operation subsequence in a process to detect Virus Replication
   - set made in training session is used in detection
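The extract, record and match steps above, sketched as an added example (not code from the original slides). The traces are constructed, the operation names are borrowed from the labels in the replication-sequence figure, and treating subsequences as contiguous runs of at least MIN_LEN operations is an assumption.

```python
from itertools import combinations

# Constructed traces; operation names are the labels in the slide's figure.
TRAINING = {
    "sample_a": ["finddir", "getfileattrib", "opened", "read", "written", "closefile"],
    "sample_b": ["opened", "read", "finddir", "getfileattrib", "opened", "read",
                 "written", "closefile"],
    "sample_c": ["getfileattrib", "opened", "read", "written", "closefile", "finddir"],
}
MIN_LEN = 3  # assumption: shorter runs also appear in ordinary file handling


def subsequences(trace, min_len=MIN_LEN):
    """Step 3a: every contiguous run of at least min_len operations."""
    n = len(trace)
    return {tuple(trace[i:j]) for i in range(n) for j in range(i + min_len, n + 1)}


def build_signature_set(training, min_len=MIN_LEN):
    """Step 3b: record a run only if it also occurs in another training sample."""
    per_sample = {name: subsequences(t, min_len) for name, t in training.items()}
    recorded = set()
    for a, b in combinations(per_sample, 2):
        recorded |= per_sample[a] & per_sample[b]
    return recorded


def detect(process_trace, signatures, min_len=MIN_LEN):
    """Step 4: recorded runs present in a process trace, longest first."""
    hits = subsequences(process_trace, min_len) & signatures
    return sorted(hits, key=lambda s: (-len(s), s))


if __name__ == "__main__":
    sigs = build_signature_set(TRAINING)
    # Constructed process traces: one embeds the replication run, one does not.
    infected = ["opened", "read", "closed", "finddir", "getfileattrib",
                "opened", "read", "written", "closefile"]
    benign = ["opened", "read", "closed", "opened", "written", "closed"]
    print(len(sigs), "recorded subsequences")
    print("infected:", detect(infected, sigs)[:1])
    print("benign:  ", detect(benign, sigs))
```

A process is flagged when detect returns a non-empty list. Raising MIN_LEN trades missed short replication runs for fewer matches on ordinary file handling.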
Based on high frequency of execution of replication sequence
Uses percentage of replication state occurring
Implemented in 3 Steps
1. Build a training set of random virus sample
2. Calculate percentage occurring for
Process
- occurrence percentage in training set is compared with that in process
DISCUSSIONS
Many viruses can be detected based on the virus replication of a small number of known viruses
virus containing multiple sequences
Virus Name / Number of Subsequences / Detected Viruses
Bagle.a, Eyeveg.m, Plexus.a
11 7 130 96 62
CONCLUSION
Presented a characterization of virus replication with two detection models
1. Operation Sequence Model
2. Replication Frequency Model
Detecting virus replication is possible for both detected and undetected viruses based on characterization of replication
Questions?